Let’s say that you get an email saying that your cPanel account may have been compromised and you need to sign into your FTP account to initiate a “security check” on it.
The email says it’s from “cPanel Inc,” has the cPanel logo, has a link that leads you to believe it points to the cPanel website, and warns that your domain may be suspended if you fail to respond within 2 business days.
Check it out:
From: cPanel Inc
Subject: Your Messages
cPanel Message Center
Due to our security upgrade to avoid multiple login and an unauthorized access to your online cPanel and FTP account we do require you to sign in your domain name and username and password for security check on your account and afterward we shall send a security code to your email as part of confirmation that your domain has now been properly verified and secured.
To process to confirm and verify your domain for this security check please click
Failure to confirm your domain within 2 business days may lead to suspension of your domain if we observe any unauthorized login and may lead to total removal of the domain name from our system.
Now, should you:
- A. Follow the instructions, click the embedded link and log in to your account.
- B. Open a browser window, manually access your website control panel and check for any security alerts.
If your answer was “A” then I have some bad news: you just fell for a phishing scam. Now would be a good time to change your website credentials, if you’re still able to.
The link provided in the email leads to a (compromised) third-party website touting a fake cPanel login page. Any credentials supplied will be sent off to the cybercriminals, and they can use that information to hijack your website and set up drive-by downloads, phishing pages or whatever else their little black heart desires.
It is important to note that if something suspicious was going on with your account, you’d likely get an email from your web hosting company, not cPanel.
That being said, if you happen to receive an email like the one shown above, be sure to mouse over any links to check the destination URL first, or skip any possibility of following a malicious link by manually typing in the web address you want to visit instead.
[via Barracuda Labs]